Manage HLS playback over SSL for Wowza CDN on Fastly with the Wowza Streaming Cloud REST API

When you broadcast an HLS stream using the Wowza Streaming Cloud™ service, you control whether Secure Sockets Layer (SSL) is used to encrypt the HTTP connections that deliver the stream to viewers. By default, Wowza Streaming Cloud uses relative playlists, which allow streams to be played over HTTP, HTTPS, or both. This provides the greatest flexibility for your viewers. You can, however, require that viewers watch a live stream over HTTPS. Requiring viewers to watch a stream over HTTPS ensures an encrypted connection during playback.

Note: This article applies to Wowza CDN on Fastly stream targets only. To manage secure HLS playback for Wowza CDN on Akamai stream targets, see Manage HLS playback over SSL for Wowza CDN on Akamai with the Wowza Streaming Cloud REST API.

Before you start

You should complete the following tasks:

  • Create a live stream or a transcoder. You'll need the resulting stream_targets_id if you would like to deliver an HLS stream for playback over HTTPS only. View our Connect a source topics to learn how to create a live stream or transcoder.

About SSL playback from Wowza CDN on Fastly stream targets


Live streams delivered from Wowza Streaming Cloud travel across the Internet in two stages to reach their audiences. After Wowza Streaming Cloud transcodes (or passes through) the encoded live source video, it sends the stream to geographically distributed servers called stream targets. Those Wowza CDN on Fastly targets then deliver the live stream to viewers, such as through a hosted webpage or a direct playback URL.

Wowza Streaming Cloud uses the HTTP protocol to make these two outbound network transfers, delivering streams for playback over HLS. For this HTTP delivery, Wowza Streaming Cloud generates a relative playlist: the playlist's URIs carry no protocol prefix, so they inherit whichever protocol the viewer used to request the playlist. The stream can therefore be viewed over HTTP or HTTPS, and the viewer is not restricted to the secured or unsecured protocol.

When you choose to deliver a live stream via Wowza CDN on Fastly stream targets, you can enjoy the default flexibility of relative playlists, or you can control whether the viewer has to use HTTPS to watch the stream.

Live stream workflow 

Play HLS over HTTP or HTTPS

Depending on how you want to make the stream available, do one of the following using details from the live stream.

  • Use the HLS playback URL returned as the player_hls_playback_url value to play the stream in a browser or player that supports HLS. Although the playback URL appears as HTTPS, the playback URL can also be accessed using HTTP.
    For example:
    https://[wowzasubdomain].wowza.com/1/abc1TnJwZEpwYXxy/a12BeGd1/hls/live/playlist.m3u8


  • If you created a hosted page, use the hosted_page_url value to share the hosted page URL. Although the hosted page URL appears as HTTPS, the page can also be viewed using HTTP.
    For example:
    https://player.cloud.wowza.com/hosted/[player_id]/player.html


  • If you want to include the stream on an external website (HTTP or HTTPS), use the player_embed_code value, which uses a relative URL in the JavaScript call for the player.
    For example:
    <div id='wowza_player'></div>\n<script id='player_embed' src='//player.cloud.wowza.com/hosted/[player_id]/wowza.js' type='text/javascript'></script>\n

Deliver an HLS stream for playback over HTTPS only


You can require SSL for HLS playback, if desired. This ensures that viewer clients connect securely to view the stream over HTTPS. 

  1. Update the Wowza CDN on Fastly targets associated with your live stream to enable force_ssl_playback.

    You can use the following sample request, making sure to:

    • Set force_ssl_playback to true.
    • Set stream_target_id to the stream_targets_id.

    Sample request

    Endpoint Reference
    curl -X PATCH \
    -H "Content-Type: application/json" \
    -H "wsc-api-key: ${WSC_API_KEY}" \
    -H "wsc-access-key: ${WSC_ACCESS_KEY}" \
    -d '{ 
       "stream_target_fastly": { 
         "force_ssl_playback": true 
        } 
    }' "${WSC_HOST}/api/${WSC_VERSION}/stream_targets/fastly/{stream_target_id}"

    Sample response

    {    
      "stream_target_fastly": {      
        "id": "abc1234",
        "name": "MyLiveStream / Stream Target",
        "state": "activated",
         ...
        "force_ssl_playback": true,      
         ...
      } 
    
    } 

  2. Configure the relativePlaylists property to deliver an HLS stream for playback over HTTPS only.

    Setting the relativePlaylists property to false sends the stream's chunklists from the target to the player with HTTPS as the protocol prefix.

    You can use the following sample request, making sure to:

    • Set key to relativePlaylists.
    • Set section to playlist.
    • Set value to false.
    • Set stream_target_id to the stream_targets_id.

    Sample request

    Endpoint Reference

    curl -X POST \
    -H "Content-Type: application/json" \
    -H "wsc-api-key: ${WSC_API_KEY}" \
    -H "wsc-access-key: ${WSC_ACCESS_KEY}" \
    -d '{   
      "property": {     
      "key": "relativePlaylists",     
      "section": "playlist",     
      "value": false  
      } 
    }' "${WSC_HOST}/api/${WSC_VERSION}/stream_targets/[stream_target_id]/properties"

    Sample response

    {    
      "property": {      
        "key": "relativePlaylists",      
        "section": "playlist",      
        "value": false 
      } 
    
    } 



  3. Playback over HTTPS only

    Do one of the following for playback over HTTPS only, depending on how you want to make your live stream available:

  • Use the HLS playback URL returned as the player_hls_playback_url value to play the stream in a browser or player that supports HLS. The playback URL can only be accessed using HTTPS.
    For example:
    https://[wowzasubdomain].wowza.com/1/abc1TnJwZEpwYXxy/a12BeGd1/hls/live/playlist.m3u8
  • If you created a hosted page, use the hosted_page_url value to share the hosted page URL. The hosted page can only be viewed using HTTPS.
    For example:
    https://player.cloud.wowza.com/hosted/[player_id]/player.html
  • If you want to include the stream on an external website (HTTPS), use the player_embed_code value, which uses a relative URL in the JavaScript call for the player.
    For example:
    <div id='wowza_player'></div>\n<script id='player_embed' src='//player.cloud.wowza.com/hosted/[player_id]/wowza.js' type='text/javascript'></script>\n



Transcoder workflow 

Play HLS over HTTP or HTTPS

For the playback_url, refer to hls in the playback_urls returned in the stream target details. Use this URL to play the stream in a browser or player that supports HLS. Although the playback URL appears as HTTPS, the playback URL can also be accessed using HTTP.

For example:
https://[wowzasubdomain].wowza.com/1/abc1TnJwZEpwYXxy/a12BeGd1/hls/live/playlist.m3u8

Deliver an HLS stream for playback over HTTPS only


You can require SSL for HLS playback, if desired. This ensures that viewer clients connect securely to view the stream over HTTPS.

  1. Update the Wowza CDN on Fastly targets associated with your transcoder to enable force_ssl_playback

    You can use the following sample request, making sure to:

    • Set force_ssl_playback to true.
    • Set stream_target_id to the stream_targets_id.

    Sample request

    Endpoint Reference

    curl -X PATCH \
    -H "Content-Type: application/json" \
    -H "wsc-api-key: ${WSC_API_KEY}" \
    -H "wsc-access-key: ${WSC_ACCESS_KEY}" \
    -d '{ 
       "stream_target_fastly": { 
         "force_ssl_playback": true 
        } 
    }' "${WSC_HOST}/api/${WSC_VERSION}/stream_targets/fastly/{stream_target_id}"

    Sample response

    {    
      "stream_target_fastly": {      
        "id": "abc1234",
        "name": "MyTranscoder / Stream Target",
        "state": "activated",
         ...
        "force_ssl_playback": true,      
         ...
      } 
    
    }


  2. Configure the relativePlaylists property to send the stream's chunklists from the target to the player with HTTPS as the protocol prefix.

    You can use the following sample request, making sure to:

    • Set key to relativePlaylists.
    • Set section to playlist.
    • Set value to false.
    • Set stream_target_id to the stream_targets_id.

    Sample request

    Endpoint Reference
    curl -X POST \
    -H "Content-Type: application/json" \
    -H "wsc-access-key: [key]" \
    -H "wsc-timestamp: [timestamp]" \
    -H "wsc-signature: [signature]" \
    -d '{   
      "property": {     
      "key": "relativePlaylists",     
      "section": "playlist",     
      "value": false  
      } 
    }' "${WSC_HOST}/api/${WSC_VERSION}/stream_targets/[stream_target_id]/properties"

    Sample response

    {    
      "property": {      
        "key": "relativePlaylists",      
        "section": "playlist",      
        "value": false 
      } 
    
    } 

    For more information about configuring stream target properties and related requests, see How to set advanced properties using the Wowza Streaming Cloud REST API.

  3. Playback over HTTPS only

    For playback over HTTPS only, refer to hls in the playback_urls object returned in the stream target details. Use this URL to play the stream in a browser or player that supports HLS. The playback URL can only be accessed using HTTPS.
    For example:
    https://[wowzasubdomain].wowza.com/1/abc1TnJwZEpwYXxy/a12BeGd1/hls/live/playlist.m3u8
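
An added example (not part of Wowza's documentation) for step 3 of both the live stream and transcoder workflows: it checks that a fetched playlist lists only absolute https:// URIs, which is what setting relativePlaylists to false is described as producing. The sample playlists, the host cdn.example.test and the function names are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: classify every URI in an HLS playlist read from stdin.
# Prints "<class> <uri>" per URI; returns 1 unless all are absolute https://.
audit_playlist() {
  awk '
    function classify(u) {
      if (u ~ /^https:\/\//) return "https"
      if (u ~ /^http:\/\//)  return "http"
      return "relative"   # no scheme: inherits the one used to fetch the playlist
    }
    function report(u,   c) {
      c = classify(u); print c, u
      if (c != "https") bad = 1
    }
    { sub(/\r$/, "") }    # tolerate CRLF line endings
    /^#/ {
      # Tags such as EXT-X-KEY and EXT-X-MEDIA carry a URI="..." attribute.
      if (match($0, /URI="[^"]*"/)) report(substr($0, RSTART + 5, RLENGTH - 6))
      next
    }
    NF { report($0) }
    END { exit bad + 0 }
  '
}

# Constructed samples: host and path are placeholders, not captured Wowza output.
relative_sample() {
  printf '%s\n' '#EXTM3U' \
    '#EXT-X-STREAM-INF:BANDWIDTH=1500000,RESOLUTION=1280x720' \
    'chunklist_b1500000.m3u8'
}
https_sample() {
  printf '%s\n' '#EXTM3U' \
    '#EXT-X-STREAM-INF:BANDWIDTH=1500000,RESOLUTION=1280x720' \
    'https://cdn.example.test/live/chunklist_b1500000.m3u8'
}

relative_sample | audit_playlist || echo "FAIL: not every URI is absolute https://"
https_sample    | audit_playlist && echo "OK: every URI is pinned to HTTPS"
# Against a live target (PLAYBACK_URL is your player_hls_playback_url value):
#   curl -fsS "$PLAYBACK_URL" | audit_playlist
```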

More resources